Preparing for Spear Phishing Attacks

Jun 27, 2018

Spear phishing is a major threat to any business. Did you know that 90 percent of cyberattacks on businesses come through phishing emails? In fact, spear phishing attacks have become so complex that they have the opportunity to trick even the savviest user. Is your team prepared to recognize the lure?

To be prepared, you need to know how hackers think. Human error is the number one vulnerability most hackers rely on; the second is established trust. In many spear phishing attacks, hackers pose as a well-known and respected organization, like a bank, in order to catch users off-guard and cause them to fall for their tricks. We have seen this play out many times in the news. For example, in February, spear phishing attackers targeted Netflix subscribers by sending emails that stated the user’s account had been deactivated due to a billing issue. These emails addressed the recipient by name to build credibility, and instructed them to click on a link to reactivate the account. That link took the user to a fake Netflix login page, where the real trouble began. After “logging in,” they would be prompted to provide credit card details, an updated address, and their mother’s maiden name. These may sound like personal matters that do not affect your business, but because people often recycle passwords, or use very similar passwords with slight variations, hackers could use those compromised login credentials to gain access to the user’s other accounts. Even if they are not using a work email account, a quick search on LinkedIn could easily reveal where the compromised user works. Then, getting into their work account would be a simple matter of testing different common naming conventions that companies use for email aliases.

As we can see in the Netflix example, spear phishing attackers rely on trust that other companies have built over time. They design fraudulent emails that create a sense of urgency, causing people to act without thinking, giving up sensitive information before considering the risks. These spear phishing attacks are an effective method through which to infiltrate a business network because they are more likely to catch users in their trap. Hackers put in more work up front to determine how to trick users. Unlike a typical phishing attack, which may be riddled with typos or have a generic greeting like, “Dear Customer,” spear phishing emails tend to use personal information like first names to lend legitimacy to their requests. What are you doing to remain safe and vigilant in the face of this threat?

Many users rely on spam filters to catch malicious email content, but would those filters catch an email coming from your own employee? Knowing they may be thwarted by spam filters, a popular tactic among hackers is to infiltrate one employee’s email account and use it as a springboard from which to further exploit your network. Using this method, a common trick is to look for a current work email chain within the employee’s account. Next, posing as the employee who owns the email alias, the hacker tries to convince the other users in the email thread to download a malicious attachment, installing malware that infects their devices and network. This impersonation tactic may not happen immediately. Some hackers spend months monitoring infiltrated emails in order to learn more about your organization. Through this tactic, they can determine which types of content and attachments your employees tend to receive, click on, and download so that they can lay a stronger trap. Even without taking over a trusted employee email account, spear phishing hackers have ways to bypass your spam filters and land in your main inbox. By using Google Drive links or Microsoft SharePoint URLs, they can trick Gmail and Outlook into thinking the messages are related to their own products.

Are you ready to learn more about spear phishing, other hacking tactics, and how to recognize them? Contact Haselkorn, Inc. There are many spear phishing giveaways we can help you and your team learn in order to recognize these attacks. Get in touch today!